Apple on Wednesday responded to growing concern over a bug in the iOS mobile operating system that powers the iPhone and iPad, informing customers that it is not tracking them and revealing that it will address the issue with a forthcoming software update.

The information was revealed as part of a list of questions and answers publicized Wednesday in a press release. Apple said that complex technical issues with devices like the iPhone are "hard to communicate in a soundbite."

The company also said it will release a free update for the iOS mobile operating system in the next few weeks that will address the location tracking bug. This update will reduce the size of the database file, encrypt the file, and ensure it is deleted if users disable location services on their iPhone or 3G-connected iPad.

The full list of questions and answers is included below:

Apple would like to respond to the questions we have recently received about the gathering and use of location information by our devices.

1. Why is Apple tracking the location of my iPhone?

Apple is not tracking the location of your iPhone. Apple has never done so and has no plans to ever do so.

2. Then why is everyone so concerned about this?

Providing mobile users with fast and accurate location information while preserving their security and privacy has raised some very complex technical issues which are hard to communicate in a soundbite. Users are confused, partly because the creators of this new technology (including Apple) have not provided enough education about these issues to date.

3. Why is my iPhone logging my location?

The iPhone is not logging your location. Rather, it?s maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested. Calculating a phone?s location using just GPS satellite data can take up to several minutes. iPhone can reduce this time to just a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites, and even triangulate its location using just Wi-Fi hotspot and cell tower data when GPS is not available (such as indoors or in basements). These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple.

4. Is this crowd-sourced database stored on the iPhone?

The entire crowd-sourced database is too big to store on an iPhone, so we download an appropriate subset (cache) onto each iPhone. This cache is protected but not encrypted, and is backed up in iTunes whenever you back up your iPhone. The backup is encrypted or not, depending on the user settings in iTunes. The location data that researchers are seeing on the iPhone is not the past or present location of the iPhone, but rather the locations of Wi-Fi hotspots and cell towers surrounding the iPhone?s location, which can be more than one hundred miles away from the iPhone. We plan to cease backing up this cache in a software update coming soon (see Software Update section below).

No. This data is sent to Apple in an anonymous and encrypted form. Apple cannot identify the source of this data.

6. People have identified up to a year?s worth of location data being stored on the iPhone. Why does my iPhone need so much data in order to assist it in finding my location today?

This data is not the iPhone?s location data?it is a subset (cache) of the crowd-sourced Wi-Fi hotspot and cell tower database which is downloaded from Apple into the iPhone to assist the iPhone in rapidly and accurately calculating location. The reason the iPhone stores so much data is a bug we uncovered and plan to fix shortly (see Software Update section below). We don?t think the iPhone needs to store more than seven days of this data.

It shouldn?t. This is a bug, which we plan to fix shortly (see Software Update section below).

8. What other location data is Apple collecting from the iPhone besides crowd-sourced Wi-Fi hotspot and cell tower data?

Apple is now collecting anonymous traffic data to build a crowd-sourced traffic database with the goal of providing iPhone users an improved traffic service in the next couple of years.

9. Does Apple currently provide any data collected from iPhones to third parties?

We provide anonymous crash logs from users that have opted in to third-party developers to help them debug their apps. Our iAds advertising system can use location as a factor in targeting ads. Location is not shared with any third party or ad unless the user explicitly approves giving the current location to the current ad (for example, to request the ad locate the Target store nearest them).

10. Does Apple believe that personal information security and privacy are important?

Yes, we strongly do. For example, iPhone was the first to ask users to give their permission for each and every app that wanted to use location. Apple will continue to be one of the leaders in strengthening personal information security and privacy.

Software Update

Sometime in the next few weeks Apple will release a free iOS software update that:

reduces the size of the crowd-sourced Wi-Fi hotspot and cell tower database cached on the iPhone,

ceases backing up this cache, and

deletes this cache entirely when Location Services is turned off.

In the next major iOS software release the cache will also be encrypted on the iPhone.

Wednesday's statement by Apple confirms earlier rumors that the size and scope of the location tracking file "consolidated.db" was an oversight by Apple, and that the company is planning a fix. Still, public reaction to the existence of the file was strong, prompting lawsuits, government investigations around the world, and a scheduled hearing on mobile privacy in the U.S. Senate.

The issue gained attention after two security researchers publicized their findings related to the "consolidated.db" file stored on the iPhone. Though the file created by iOS 4 is not sent to Apple or anyone else, it keeps a detailed list of locations a user has been and is saved unencrypted on the phone, as well as in iTunes backups.

Comments

So Apple admits that storing the data for so long and transferring it to itunes is a bug, and also that storing the data with location services turned off is a bug with a fix coming soon. No data was transferred to Apple with any personal info attached. As I tell my 14-year-old, it take more guts and shows more character to say that you were wrong about something than to continue to deny it,

So Apple admits that storing the data for so long and transferring it to itunes is a bug, and also that storing the data with location services turned off is a bug with a fix coming soon. No data was transferred to Apple with any personal info attached. As I tell my 14-year-old, it take more guts and shows more character to say that you were wrong about something than to continue to deny it,

Are you saying it's a good release, or a bad one? My first read was that you meant they were denying things, but upon my second read I think you meant they admitted mistakes and explained things clearly.

I think it's an excellent press release. It clears up questions and falsehoods in the media. The rumors were that our phones were storing our locations over the past year, and that Apple was tracking individual users' locations. Both of these have proven false.

So this is not a log of where your phone has been - i liked the idea that I could use it as a record of where the device has been - but unless the official statement is inaccurate - it means that the database is not where MY device has been but rather where ANY device has been within a relevant geographical distance from where I am.

and I as I posted before and was corrected by someone it is not a database of YOUR location but of cell towers near you - which is very different.

and explains why some folks have data points very far away from anywhere they have been - and even why some areas such as Chicago have a brighter heat map than my home location - not because I was there more etc - but because there are more iPhones there - or more cell points - or more folks using 3G than WiFi - or some other disparity in the data type or collection method that skews the results.

for the conspiracy theorists out there this doesn't change anything - since it could be read as simple mis-direction that satisfies the average person - but really they are not saying that the data will not be collected - just that the parameters of that collection and backup to computer will change and it will be hidden (encrypted).

Still - if the data is only cached for areas that you have been near - and the timestamps only around the time you were there - the data could still be used to say that your device was in the Austin, Texas area between Aug 1st and Aug 4th - for example - and that could be enough in some cases to help investigators place someone in the vicinity of a crime for example - or show that your device was somewhere else during that time - of course all the details about gaming the system etc still apply - so unless you are dumb enough to video tape yourself committing a crime then it would have to be circumstantial evidence at best. - and yes, there have been folks who have done things like video taped themselves smashing mailboxes or shooting pedestrians with paintballs and were convicted of misdemeanors etc based on the evidence in their own video.

Now..now Apple you have spoiled the fun. Can we get back to be freaking out like magicj used to be? Thanks.

This is a solid response. Ideally it would have come a few days earlier, but I appreciate Apple taking the time to figure out all the issues, and giving a detailed in depth response. They indicated there were 2 bugs. (1) They were saving the data for far too long. They have responsibly stated that this should be limited to 7 days, and will fix it. (2) They have identified that they are responsible for a lack of communication (phrased as education by them) with the user (3) They have responsibly stated every way they use the location information.

Who wants to take bets that the response will receive less than 1% of the coverage the original issue did?

Gee, that press release sounds an awfully lot like what sensible people were saying for several days now. Then again, half of it was explained last Summer. The only new info is about the crowd source DB subset.

I don't know really know how to say this, but I really don't give a crap about this location stuff. As far as I'm concerned Apple has taken the appropriate steps to warn users when their location and personal information is being used and the user has or has not consented to this, as the case maybe.

When I put my money down on my iPhone 3G, I expected to pay for smooth experience, which it has been. I connect to old networks seamlessly and have internet access as and when I need it. What more could I ask for?

Now that we are told the phone keeps the information for over a year, they are going to turn it off?

The answer to question 6:

"The reason the iPhone stores so much data is a bug we uncovered and plan to fix shortly (see Software Update section below). We don?t think the iPhone needs to store more than seven days of this data."

This is a solid response. Ideally it would have come a few days earlier, but I appreciate Apple taking the time to figure out all the issues, and giving a detailed in depth response. They indicated there were 2 bugs. (1) They were saving the data for far too long. They have responsibly stated that this should be limited to 7 days, and will fix it. (2) They have identified that they are responsible for a lack of communication (phrased as education by them) with the user (3) They have responsibly stated every way they use the location information.

Who wants to take bets that the response will receive less than 1% of the coverage the original issue did?

come on now - what better to draw traffic that to start with a headline "APPLE tracks your every move..." and then after playing on people's fears close with - oh wait, no not really.

The story I want to hear is the outrage over all the other companies who quietly patch this same sort of bug without even mentioning it - and weeks or months after they could have or should have etc.

And you know every story about every other company will have Apple mentioned.

Are you saying it's a good release, or a bad one? My first read was that you meant they were denying things, but upon my second read I think you meant they admitted mistakes and explained things clearly.

I think it's an excellent press release. It clears up questions and falsehoods in the media. The rumors were that our phones were storing our locations over the past year, and that Apple was tracking individual users' locations. Both of these have proven false.

I'm saying that they did a nice job of clearing up this issue with a good explanation and resolution.

Mbarriault, you read Engadget comments? And still well enough to post here? Commendable!!

I've warned before not to read the comments in Engadget articles. They have the worst name-calling, immature and angry posters on the web IMHO. No matter what the article was about, some Apple or Android (or rarely Windows) fan will jump in with something totally unrelated and the mud-slinging starts.

I don't know really know how to say this, but I really don't give a crap about this location stuff. As far as I'm concerned Apple has taken the appropriate steps to warn users when their location and personal information is being used and the user has or has not consented to this, as the case maybe.

When I put my money down on my iPhone 3G, I expected to pay for smooth experience, which it has been. I connect to old networks seamlessly and have internet access as and when I need it. What more could I ask for?

I seem to recall with the iPhone 4 (or maybe an earlier version) either Apple touting how much faster the phone can find your location or reviewers noting it. It sounds like it?s a direct result of their crowd sourcing DB.